MSRT September 2014 - Zemot

The Zemot family of trojan downloaders is frequently used by malware with a number of different payloads. We started seeing activity from TrojanDownloader:Win32/Upatre.B in late 2013 and identified this threat as the main distributor of the click fraud malware PWS:Win32/Zbot.gen!AP and PWS:Win32/Zbot.CF. We renamed the downloader to Zemot in May 2014.

Thank you Ron for this info, I learned some useful info on how this trojan initiates and spreads.

IMHO, this is a very good example of some of the points I made in one of my previous posts in this forum regarding antivirus software, and the unrealistic consensus that "antivirus software is doomed and useless" among some members here. As we can see from this example, although zero-day malware could be dangerous in itself, it is not necessarily doing a lot of damage yet, due to the short life it has. Instead, as it ages, it could grow more and more widespread and do more actual damage. While generally speaking antivirus software is not the most effective solution against zero-day malware, it will catch up within a matter of days or even hours, thanks to the hourly updates that many antivirus products use now. As you can see, before the malware gets its popularity months after its first appearance, a decent antivirus program such as Kaspersky, Avira and F-Secure has most likely already provided effective prevention of such malware. Therefore, the idea of getting rid of antivirus and solely relying on behavior-based security solutions may not be the best way to defend one's system.

Sorry for the off-topic post but I hope some members may be able to make sense of what I was trying to say.